Session:Bypassing the Suprema BIOStar Fingerprint Access Control
| Description | I'll show you how you can bypass a biometric access control (fingerprint reader) from Suprema. This device is broken AF |
|---|---|
| Website(s) | https://www.supremainc.com/ |
| Type | Talk |
| Kids session | No |
| Keyword(s) | hardware, software, hacking, security |
| Tags | Assembly:HSBE, security, pentesting, biometric, accesscontrol, fingerprint |
| Processing assembly | Assembly:HSBE |
| Person organizing | C |
| Language | en - English |
Other sessions...
| |
(Click here to refresh this page.)
| Starts at | 2019/12/28 19:00 |
|---|---|
| Ends at | 2019/12/28 19:45 |
| Duration | 45 minutes |
| Location | Assembly:HSBE |
Suprema is a major brand in the world of 'biometric access controls' aka fingerprint-reader-locks. These things allow for people to open doors to their home, office, etc. using their fingerprint (duh...). The device matches the scanned print with a collection of prints in a database. If it finds a match then it triggers the relay which unlocks the door. This sounds simple enough but there are a ton of things that might go wrong with this, certainly when the necessary checks are not enabled in the devices configuration, which is almost never the case. These checks involve for example 'tamper-control', a sensor which triggers an alarm when the device is physically tampered with. In the end the fingerprint-reader needs some sort of connection to a control-server which allows the admin to manage registered prints, so the device needs a network-connection. If the device is not protected with tamper-control (which is not enabled by default) then this leaves the network-connection at the back of the device vulnerable for all sorts of attacks. In the end, if these devices are not properly installed, it's like laying a laptop outside the front-door of your office, connected with a LAN-cable to your network by the way.
